frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Ask HN: Would your team use a zero-mutation CLI to audit Kubernetes RBAC access?

1•tutran-se•5h ago
We recently went through a SOC 2 audit and hit a wall when it came to Kubernetes RBAC. The auditor asked, “Can you show who had access to secrets across your cluster during this window?” We ended up: - Dumping RoleBindings and ClusterRoles with kubectl - Manually parsing YAML to figure out permissions - Taking screenshots of shell output It was brittle, slow, and painful.

So we built a tool: Permiflow — a CLI that scans your cluster's RBAC and generates clean, audit-ready reports without touching your cluster.

What it does: - Scans Roles, RoleBindings, ClusterRoles, ClusterRoleBindings - Flags risks: cluster-admin, wildcard verbs, secrets access, etc - Outputs: Markdown reports (easy to share with GRC/auditors), CSV + JSON (for automation) - Supports drift detection: diff two scans and see what changed - Can fail CI if risky access appears (--fail-on high) - Doesn’t use agents, CRDs, or mutate anything (read-only)

We’re not sure if this is: - A real pain other teams feel too - Or just us over-engineering an audit script

Would this be useful for your team? Would you expect it to integrate into CI, GitOps, or just be a one-off tool?

Nimitz sails to Middle East as fighting between Iran and Israel intensifies

https://www.stripes.com/branches/navy/2025-06-16/nimitz-middle-east-israel-iran-18140734.html
1•sorokod•1m ago•0 comments

We built a real-world bench for vectorDBs

https://github.com/zilliztech/VectorDBBench/releases/tag/v1.0.0
1•redskyluan•2m ago•1 comments

Anthropic Principle

https://en.wikipedia.org/wiki/Anthropic_principle
1•FigurativeVoid•2m ago•0 comments

Biotech uses fermentation to produce milk proteins without cows

https://phys.org/news/2025-06-biotech-fermentation-proteins-cows.html
1•PaulHoule•3m ago•0 comments

Leonard Lauder, RIP

https://www.nytimes.com/2025/06/15/business/leonard-a-lauder-dead.html
1•paulpauper•4m ago•1 comments

The Collapse of Complex Societies

https://matthewbutterick.com/chron/the-collapse-of-complex-societies.html
2•myth_drannon•5m ago•0 comments

Static binaries and Homebrew as a channel for internal tools

https://leonardoheld.ovh/static-binaries-and-homebrew-for-internal-tools.html
1•leonheld•5m ago•0 comments

A Tiny Middleman Could Access Two-Factor Login Codes from Tech Giants

https://www.bloomberg.com/news/articles/2025-06-16/two-factor-authentication-codes-take-insecure-path-to-users
1•fastest963•5m ago•0 comments

New York Is Not a Democracy

https://www.theatlantic.com/ideas/archive/2025/06/new-york-mayoral-race-cuomo-mamdani/683146/
1•paulpauper•5m ago•0 comments

I made a tool that turns all your Snapchat stories into a 1-second-per-day video

https://github.com/benna100/snap-one-second-videos
2•RedGreenBlack•5m ago•1 comments

Trump administration's whole-government AI plans leaked on GitHub

https://www.theregister.com/2025/06/10/trump_admin_leak_government_ai_plans/
2•hubraumhugo•6m ago•0 comments

Bypassing Internet Censorship Using SSH

https://zola.ink/blog/posts/bypassing-internet-censorship-using-ssh
1•znano•6m ago•0 comments

A new non-opioid pain killer?

https://www.newyorker.com/magazine/2025/06/02/the-radical-development-of-an-entirely-new-painkiller
1•paulpauper•6m ago•0 comments

Coreapp Dashboard

https://www.coreappdashboard.net/
1•businesszh•6m ago•0 comments

Ask HN: What are the most "upvoted" things you can buy here? Here are a few

1•01-_-•7m ago•0 comments

Sandia Deploys SpiNNaker2 Neuromorphic System

https://www.nextplatform.com/2025/06/16/sandia-deploys-spinnaker2-neuromorphic-system/
1•rbanffy•8m ago•0 comments

Apple Retreats

https://stratechery.com/2025/apple-retreats/
1•retskrad•9m ago•0 comments

Ads are "rolling out gradually" to WhatsApp

https://arstechnica.com/gadgets/2025/06/ads-are-rolling-out-gradually-to-whatsapp/
3•Willingham•10m ago•1 comments

Russian Spies Are Suspicious of China

https://www.nytimes.com/2025/06/07/world/europe/china-russia-spies-documents-putin-war.html
2•gmays•10m ago•0 comments

Data-Parallel Types (SIMD)

https://www.modernescpp.com/index.php/data-parallel-types-simd/
1•ibobev•11m ago•0 comments

Don't Argue: Build

https://lemire.me/blog/2025/06/16/dont-argue-build/
1•ibobev•12m ago•0 comments

Auto-Updating AI Expert Using Telegram Channels and NotebookLM

https://www.junctionbot.io/articles/creating-a-self-updating-ai-expert-based-on-a-telegram-channel
1•astuteficus•13m ago•1 comments

Facial recognition error sees woman accused of theft

https://www.bbc.com/news/articles/cdr510p7kymo
2•croes•15m ago•0 comments

GhostNet: The Cyber Espionage Operation That Shocked the World

https://adaptive.live/blog/inside-ghostnet-the-cyber-espionage-operation-that-shocked-the-world
1•debarshri•16m ago•0 comments

Why today's graduates are screwed

https://www.economist.com/finance-and-economics/2025/06/16/why-todays-graduates-are-screwed
1•petethomas•17m ago•0 comments

Why content is becoming less and less interesting to consume

https://citizendot.github.io/articles/the-great-content-blah/
1•CITIZENDOT•18m ago•1 comments

Show HN: Canine – A Heroku alternative built on Kubernetes thats 10x cheaper

https://github.com/czhu12/canine
3•czhu12•19m ago•0 comments

Is Tahoe macOS 26 or 16?

https://eclecticlight.co/2025/06/13/is-tahoe-really-macos-26-or-16/
1•alwillis•19m ago•0 comments

Startup Slop

https://jihad.house/notes/startup-slop/
2•mxstbr•22m ago•1 comments

Andy Goldsworthy on 50 years of making art

https://www.nytimes.com/2025/06/14/arts/design/a-decade-of-bruising-labor-a-6-mile-work-of-land-art.html
1•bookofjoe•23m ago•0 comments